Security/EscapeOutput: fix namespaced ::class detection

The sniff now correctly identifies namespaced class references like `\MyNamespace\ClassName::class` and `namespace\ClassName::class` as safe output that doesn't require escaping. Support for `ClassName::class` was added in 2326, but I believe namespaced classes were not considered.

Author: rodrigoprimo

WordPress/Sniffs/Security/EscapeOutputSniff.php

@@ -615,8 +615,13 @@ protected function check_code_is_escaped( $start, $end, $code = 'OutputNotEscape
 			if ( \T_STRING === $this->tokens[ $i ]['code']
 				|| \T_VARIABLE === $this->tokens[ $i ]['code']
 				|| isset( Collections::ooHierarchyKeywords()[ $this->tokens[ $i ]['code'] ] )
+				|| \T_NAMESPACE === $this->tokens[ $i ]['code']
 			) {
-				$double_colon = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $i + 1 ), $end, true );
+				$skip_tokens                    = Tokens::$emptyTokens;
+				$skip_tokens[ \T_STRING ]       = \T_STRING;
+				$skip_tokens[ \T_NS_SEPARATOR ] = \T_NS_SEPARATOR;
+
+				$double_colon = $this->phpcsFile->findNext( $skip_tokens, ( $i + 1 ), $end, true );
 				if ( false !== $double_colon
 					&& \T_DOUBLE_COLON === $this->tokens[ $double_colon ]['code']
 				) {

WordPress/Tests/Security/EscapeOutputUnitTest.1.inc

@@ -676,3 +676,14 @@ throw new
 /* some comment */
 #[Attribute2('text', 10)]
 readonly class( $unescaped ) {}; // Bad.
+
+/*
+ * Safeguard correct handling of all types of namespaced function calls when *::class is used.
+ *
+ * Note: using ::class on fully qualified or namespace relative class names doesn't provide
+ * any real value in practice.
+ */
+_deprecated_function( __METHOD__, 'x.x.x', \ClassName::class ); // OK.
+die( \MyNamespace\ClassName::class . ' has been abandoned' ); // OK.
+echo 'Do not use ' . MyNamespace\ClassName::class; // OK.
+_deprecated_function( __METHOD__, 'x.x.x', namespace\ClassName::class ); // OK.